Solved

Need site to site vpn help

Posted on 2008-09-30
Last Modified: 2013-11-16
Hi, I am trying to get a simple VPN tunnel up and running between two sites. One end uses a Juniper NetScreen firewall and the other end is a pfSense software-based firewall. Should these two devices have any trouble talking? I feel like I am 85% complete but am missing some steps. This is my first attempt at a VPN tunnel. If anyone has done this between these two devices and has any input or patience to work with me, that would be greatly appreciated.

Thanks!
Question by:System
 

Author Comment

by:System
ID: 22608112
Hi,
  It appears my link is actually up but I can't ping between the subnets. Do I have to do routing and so forth to make this happen? I assume by providing the local subnets during the setup that I wouldn't need to touch the routing?

Thanks

Accepted Solution

by:
Roachy1979 earned 250 total points
ID: 22609459
You will need to specify the local and remote network address range on both of the devices, so that the gateway on each network knows to push traffic down the VPN tunnel for the remote networks rather than just trying to resolve on the www.

See this page here for an explanation of the fields on the pfSense... although I'm not experienced with the Juniper, it looks like you've done the hard bit if you've got the connection negotiated :) It's all downhill from here...

http://doc.pfsense.org/index.php/VPN_Capability_IPSec#Site_to_Site_VPN_Explained
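
The accepted answer's point about matching local and remote ranges on both gateways, as an added example that is not part of the original thread: the check below confirms that each side's local network is exactly the other side's remote network and shows which destinations a gateway would send down the tunnel. The subnets, dictionary layout and function names are constructed for illustration; it does not read either device's configuration format.

```python
import ipaddress

# Constructed sample values: what each gateway has configured for the tunnel.
SITE_A = {"name": "netscreen", "local": "10.10.1.0/24", "remote": "10.20.1.0/24"}
SITE_B = {"name": "pfsense", "local": "10.20.1.0/24", "remote": "10.10.1.0/24"}
# Same pfSense side, but with the remote range entered wider than site A's LAN.
SITE_B_WIDE = dict(SITE_B, remote="10.10.0.0/16")

def parse(site, field, problems):
    """Parse one CIDR field; record a problem instead of raising."""
    try:
        return ipaddress.ip_network(site[field])  # strict: host bits must be 0
    except ValueError as exc:
        problems.append(f"{site['name']} {field}: {exc}")
        return None

def check_pair(a, b):
    """Return a list of mismatches between the two gateways' definitions."""
    problems = []
    nets = {(s["name"], f): parse(s, f, problems)
            for s in (a, b) for f in ("local", "remote")}
    if problems:
        return problems
    for near, far in ((a, b), (b, a)):
        local = nets[near["name"], "local"]
        remote = nets[near["name"], "remote"]
        peer_remote = nets[far["name"], "remote"]
        if local != peer_remote:  # each side's local must be the peer's remote
            problems.append(f"{near['name']} local {local} != "
                            f"{far['name']} remote {peer_remote}")
        if local.overlaps(remote):  # far LAN would be ambiguous with the near one
            problems.append(f"{near['name']} local {local} overlaps its remote {remote}")
    return problems

def uses_tunnel(site, dst):
    """True if the gateway at `site` should push traffic for dst down the VPN."""
    return ipaddress.ip_address(dst) in ipaddress.ip_network(site["remote"])

if __name__ == "__main__":
    for peer in (SITE_B, SITE_B_WIDE):
        print(peer["remote"], check_pair(SITE_A, peer) or "mirrored")
    print(uses_tunnel(SITE_A, "10.20.1.50"), uses_tunnel(SITE_A, "198.51.100.7"))
```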

Assisted Solution

by:SysExpert
SysExpert earned 250 total points
ID: 22611135
Also note that the tunnel should work OK if you are not filtering traffic, and both ends are fixed IPs.

If you have one end DHCP, then it is the side that needs to initiate traffic (ping the other side).

I hope this helps!

Author Comment

by:System
ID: 22613373
Hi guys,
   Both ends are static IP. I think the problem is with the Juniper. It says the VPN link is up but the tunnel interface is down. Not sure how that can be.